DETAILED ACTION

1. Currently pending claims are 1 - 29.



Response to Arguments 



2. Applicant's arguments have been fully considered but are not persuasive. 

3. As per claim 1, 13 and 25, Applicant asserts Black neither teaches, discloses,
nor suggests "an external display to display the security status of the appliance directly
on an outside of the appliance" or "an internal display to display the security status of
the appliance within an inside of the appliance". Examiner respectfully disagrees
because Black teaches (a) the situation, specified as the security event exceeding the
respective pre-determined threshold, is qualified as "the security status" as claimed, (b)
Examiner notes "displayed the situations to an administrator", as taught by Black, must
use an external display so that somehow in any way, it can be presented to the
administrator (i.e., data in computer memory is not tangible to a human) and as such
Black does teach an external display to display the security status of the appliance
directly on an outside of the appliance and (c) Black teaches "the internal event log
identified as a format of (SRC, TARGET, CLASS) is considered as an internal display" -
This is also consistent with the specification of the instant application specification that
states the internal display may be a simple mechanism such as the setting of a flag
(SPEC: Para [0024] last two sentences) and as such Black does teach an internal
display to display the security status of the appliance within the inside of the appliance.
Therefore, Applicant's arguments are respectfully traversed.

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraph of 35 U.S.C. 102 that 
forms the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another 
filed in the United States before the invention by the applicant for patent or (2) a patent granted on an 
application for patent by another filed in the United States before the invention by the applicant for patent, 
except that an international application filed under the treaty defined in section 351 (a) shall have the effects 
for purposes of this subsection of an application filed in the United States only if the international application 
designated the United States and was published under Article 21(2) of such treaty in the English language. 

4. Claims 1-4, 6-9, 11-16, 18-21, 23-27 and 29 are rejected under 35
U.S.C. 102(e) as being anticipated by Black et al. (U.S. Patent 2003/0041264).

As per claim 1, Black teaches a system comprising:

an appliance-internal unit to detect a security status of an appliance (Black: Para 
[0006] Line 1 - 3, Para [0036] and Para [0025]); 

an external display to display the security status of the appliance directly on the 
outside of the appliance (Black: Para [0050] Line 14-16: (a) the situation, specified as 
the security event exceeding the respective pre-determined threshold, is qualified as 
"the security status" as claimed, (b) Examiner notes "displayed the situations to an 
administrator", as taught by Black, must use an external display so that somehow in any
way, it can be presented to the administrator (i.e., data in computer memory is not
tangible to a human) and as such Black does teach an external display to display the 
security status of the appliance directly on an outside of the appliance); 

an internal display to display the security status of the appliance within the inside 
of the appliance (Black: Para [0010] Line 1-6: the internal event log identified as a 
format of (SRC, TARGET, CLASS) is considered as an internal display - This is also 
consistent with the specification of the instant application specification that states "the 
internal display" may be a simple mechanism such as the setting of a flag (SPEC: Para 
[0024] last two sentences)); and 

a transmission unit to transmit security status data between other appliances in a 
network of appliances such that the security status data can be subjected to data 
processing in the network of appliances (Black: Para [0035] - [0036] and Para [0050]: 
each event of a computer is transmitted over the network and correlated / grouped as a 
network event). 

As per claim 13, Black teaches a method for display and detection of a security 
status of an appliance comprising: 

detecting the security status of the appliance (Black: Para [0006] Line 1-3, Para 
[0036] and Para [0025]); 

displaying the security status of the appliance on an outside of the appliance 
(Black: Para [0050] Line 14 - 16: (a) the situation, specified as the security event 
exceeding the respective pre-determined threshold, is qualified as "the security status"
as claimed, (b) Examiner notes "displayed the situations to an administrator", as taught
by Black, must use an external display so that somehow in any way, it can be presented 
to the administrator (i.e., data in computer memory is not tangible to a human) and as 
such Black does teach an external display to display the security status of the appliance 
directly on an outside of the appliance); 

displaying the security status of the appliance on an inside of the appliance 
(Black: Para [0010] Line 1-6: the internal event log identified as a format of (SRC, 
TARGET, CLASS) is considered as an internal display - This is also consistent with the 
specification of the instant application specification that states "the internal display" may 
be a simple mechanism such as the setting of a flag (SPEC: Para [0024] last two 
sentences)); and

transmitting data between appliances in a network of appliances such that 
security status data can be subjected to data processing in the network of appliances 
(Black: Para [0035] - [0036] and Para [0050]: each event of a computer is transmitted 
over the network and correlated / grouped as a network event). 

As per claim 25, Black teaches an automation appliance for display of a security
status, having:

an appliance-internal unit to detect the security status of the appliance (Black:
Para [0006] Line 1 - 3, Para [0036] and Para [0025]);

an external display to display the security status of the appliance directly on the
outside of the appliance (Black: Para [0050] Line 14 - 16: the security status is
displayed to a user or an administrator); and

an internal display to display the security status within the inside of the appliance 
in a format readable by other internal devices within the appliance (Black: Para [0010] 
Line 1 - 6, Para [0035] and Para [0050] / [0048] & Figure 5: (a) the internal event log 
identified as a format of (SRC, TARGET, CLASS) is considered as an internal display - 
This is also consistent with the specification of the instant application specification that 
states "the internal display" may be a simple mechanism such as the setting of a flag 
(SPEC: Para [0024] last two sentences) (b) i.e., a common format for a classified event
group associated with a particular network situation that can be communicated within 
the network). 

As per claim 2 and 14, Black teaches the appliances are automation appliances 
(Black: Para [0006] Line 7-10, Para [0009] and Para [0010]: automation user 
programs is provided for the internal display as a common format event logs to prevent 
merely dumping the system events to an administrator to sort through and make sense
of the data, as taught by Black). 

As per claim 3, 15 and 26, Black teaches the external display visually displays 
the security status (Black: Para [0050] Line 14-16: the security status is displayed to a
user or administrator).

As per claim 4, 16 and 27, Black teaches an access unit to run automation user
programs on the internal display (Black: Para [0006] Line 7-10, Para [0010], Para 
[0009] and Para [0036]: (a) a computer access unit is provided for automation user 
programs for the internal display as a common format event logs to prevent merely 
dumping the system events to an administrator to sort through and make sense of the 
data, as taught by Black (b) the internal event log identified as a format of (SRC, 
TARGET, CLASS) is considered as an internal display - This is also consistent with the 
specification of the instant application specification that states "the internal display" may 
be a simple mechanism such as the setting of a flag (SPEC: Para [0024] last two 
sentences)).

As per claim 6 and 18, Black teaches a joint display to display an overall security 
status of a plurality of appliances, respectively having their internal displays linked 
(Black: Figure 7 & 8, Para [0035] and [0050] / [0048] : the collection and correlation of 
event logs from each computers within the network as a group network event is 
considered as a joint display). 

As per claim 7 and 19, Black teaches the joint display is an external visual 
display (Black: Para [0050] Line 14-16: the correlated security status is displayed to a
user or administrator).

As per claim 8 and 20, Black teaches there are a plurality of joint displays, each
displaying the status of a different plurality of appliances (Black: Para [0036], Figure 4B 
/ 4C, Figure 7 & 8, Para [0035] and Para [0050]), and the overall security status is 
passed on from the joint display to a higher-level joint display that displays an overall 
security status of the appliances communicating with the joint displays (Black: e.g., 
Figure 8, Table 1 and Para [0050]: Figure 8 / Element 802 is one type of joint display 
that is further passed on to a higher-level joint display of Figure 8 / Element 800). 

As per claim 9 and 21, Black teaches there are a plurality of joint displays, each
displaying the status of a different plurality of appliances (Black: Para [0036], Figure 4B 
/ 4C, Figure 7 & 8, Para [0035] and Para [0050]), and a server is provided for 
administration and display of the respective status of the joint displays appliances 
(Black: Para [0025], Para [0035] and Figure 8 / Element 800). 

As per claim 11 and 23, Black teaches a portion of the appliances have internal
security mechanisms (Black: Para [0010], Para [0035] and Para [0050] & Figure 5: the 
internal event log identified as a format of (SRC, TARGET, CLASS) is considered as an 
internal security mechanisms - This is also consistent with the specification of the 
instant application specification that states "the internal display" may be a simple 
mechanism such as the setting of a flag (SPEC: Para [0024] last two sentences)), a 
portion of the appliances are without internal security mechanisms (Black: Para [0006] 
Line 7-10: "without internal security mechanisms" is considered as the method that
merely dumps system events to an administrator to sort through and make sense of the
data), and the system integrates appliances without internal security mechanisms with 
appliances that have internal security mechanisms (Black: Para [0010] and Para [0006] 
Line 7 - 10: a system can be managed with either automatically or manually as needed 
- This also appears in the application specification). 

As per claim 12 and 24, Black teaches the transmission unit transmits security 
status via an Intranet and/or the Internet (Black: Para [0035]). 

As per claim 29, Black teaches the internal display functions as an input for other 
devices within the appliance (Black: Para [0010], Para [0035] and Para [0050]: i.e., a 
common format for a classified event group associated with a particular network 
situation that can be communicated within the network). 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

A person shall be entitled to a patent unless - 



(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art
are such that the subject matter as a whole would have been obvious at the time the invention was made to
a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be
negatived by the manner in which the invention was made.

5. Claims 5, 17 and 28 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Black et al. (U.S. Patent 2003/0041264), in view of Grainger (U.S. Patent 
6,910,135). 

As per claim 5, 17 and 28, Black teaches collecting the event logs with a 
common format stored internally in the computer memory as an internal-information 
base, accessing to the security status being provided by the internal display and 
communicating each of computer events over the TCP/IP network that are correlated / 
grouped as a network event (Black: Para [0010], Para [0035] - [0036], Page 2 / Left 
Column / Line 1 - 5 and [0050] / [0048]). 

However, Black does not disclose expressly an internal-information base to 
provide access to the security status from the network of appliances via standard 
protocols. 

Grainger teaches an internal-information base to provide access to the security 
status from the network of appliances via standard protocols (Grainger: Column 3 Line 
18 - 23 / Line 32 - 36: SNMP / MIB (Management Information base) is used by an 
event correlation engine as a common information base and standard protocol for 
managing network events such as security status). 

Accordingly, Black in view of Grainger teaches an internal-information base to 
provide access to the security status from the network of appliances via standard 
protocols, access to the security status being provided by the internal display (See the 
reasons set forth above).

It would have been obvious to a person of ordinary skill in the art at the time the
invention was made to combine the teaching of Grainger within the system of Black 
because (a) Black teaches detecting and presenting the network security and intrusion 
information relating to a series of security violations to a user by collecting the event 
logs with a common format stored internally in the computer memory as an internal- 
information base, accessing to the security status being provided by the internal 
display and communicating each of computer events over the TCP/IP network that are 
correlated / grouped as a network event (Black: Para [0010], Para [0035] - [0036], 
Page 2 / Left Column / Line 1 - 5 and [0050] / [0048] (Black: Para [0002]) and (b) 
Grainger teaches providing an effective use of SNMP / MIB (Management Information 
base) by an event correlation engine as a common information base and standard 
protocol for managing network events such as security status (Grainger: Column 3 Line 
18 - 23 / Line 32 - 36).

6. Claims 10 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Black et al. (U.S. Patent 2003/0041264), in view of Douglas (U.S. Patent 
2004/0049693). 

As per claim 10 and 22, Black does not disclose expressly the security status of
the internal display can be simulated such that the internal display is active even without
the appliance-internal unit detecting the security status.

Douglas teaches the security status of the internal display can be simulated such
that the internal display is active even without the appliance-internal unit detecting the
security status (Douglas: Para [0089]: for debugging and testing purpose - This also
appears in the application specification).

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Douglas within the system of Black 
because (a) Black teaches detecting and presenting the network security and intrusion 
information relating to a series of security violations to a user (Black: Para [0002]) and 
(b) Douglas teaches host-based intrusion detection system (HIDS) that monitors, 
simulates, tests and debugs the system logs for evidence of malicious or suspicious 
application activity and detects attacks targeted at the host system on which it is 
installed and monitors output to the system and audit logs (Douglas: Abstract and
Para [0089]). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the mailing date 
of this final action.

Any inquiry concerning this communication or earlier communications from the examiner
should be directed to Longbit Chai whose telephone number is 571-272-3788. The examiner 
can normally be reached on Monday-Friday 9:00am-5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.